Re: Official Debian digital 'branding' of debs

To: debian-devel@lists.debian.org
Subject: Re: Official Debian digital 'branding' of debs
From: Manoj Srivastava <srivasta@debian.org>
Date: 29 Jun 1999 16:07:31 -0500
Message-id: <[🔎] 87n1xiyauk.fsf@glaurung.green-gryphon.com>
In-reply-to: Nicolás Lichtmaier's message of "Wed, 23 Jun 1999 23:56:57 -0300"
References: <[🔎] 376A06C5.F365D0E1@saab.se> <[🔎] 19990618134125.B10610@quango2.watervalley.net> <[🔎] 19990620143317.A256@debian.org> <[🔎] 87d7ynx7w5.fsf@glaurung.green-gryphon.com> <[🔎] 19990623235657.B365@debian.org>

Hi,
>>"Nicolás" == Nicolás Lichtmaier <nick@debian.org> writes:

 >> Nicolás>  But there IS a single point of failure. All solutions you
 >> Nicolás> can image will have that. If you have developers sign
 >> Nicolás> packages with their own keys, you'll need a mean to
 >> Nicolás> `authorize' developers, in the form of a Debian signature to
 >> Nicolás> the developers' signature.
 >> Not true. The presence of the developers keys in the
 >> debian-keyring package should be enough, as long as you have a secure
 >> keyring.

 Nicolás>  Uh? What's that? Since when one should be careful about
 Nicolás> which keys allows in his key ring?

        When did I say that? Your own personal keys are your
 business. To check debian pacages, you have to get a secure debian
 keyring package (make sure the detatched signature matches the
 keyring, check with the T shirt to make sure you have the correct
 debian key).

        

 Nicolás> The security check you propose requires a specific knowledge
 Nicolás> that users won't probably have.

        Rubbish. We can encapsulate all the steps required into a
 script (signed by the known good debian key); and that checks
 each .deb file against the debian keyring (first ensuring that the
 keyring is signed by the correct key). The script is simple, and the
 user can manually perform each step.

 Nicolás>  Besides I'd like to have a test that could be carried out
 Nicolás>  automatically... 

        That is where the script comes in. The critical part is to
 ensure that the script matches the detatched signature, and you have
 an automatic .deb file checker that is cryptographically secure, with
 the folowing caveats:

 a) You have to get the correct key (which shall be widely published)
 b) Ensure that the script matches the detatched signature made by the
    master key -- there is no point in trying to make the scripot
    check itself ;-)
 c) You trust the debian developer team (since they are the ones who
    are creating the packages.


 >> Having a detatched signature on the keyring made by the
 >> master key is your security.

 Nicolás>  I didn't unserstand this sentence...

        That was clear enough.

        manoj
-- 
 A bhikkhu taking pleasure in being attentive, and recognising the
 danger of carelessness, makes progress like a forest fire, consuming
 all obstacles large or small in his way. 31
Manoj Srivastava   <srivasta@debian.org>  <http://www.debian.org/%7Esrivasta/>
Key C7261095 fingerprint = CB D9 F4 12 68 07 E4 05  CC 2D 27 12 1D F5 E8 6E

Reply to:

Follow-Ups:
- Re: Official Debian digital 'branding' of debs
  - From: Nicolás Lichtmaier <nick@debian.org>

References:
- Official Debian digital 'branding' of debs
  - From: Gunnar.Isaksson@saab.se
- Re: Official Debian digital 'branding' of debs
  - From: Chris Lawrence <quango@watervalley.net>
- Re: Official Debian digital 'branding' of debs
  - From: Nicolás Lichtmaier <nick@debian.org>
- Re: Official Debian digital 'branding' of debs
  - From: Manoj Srivastava <srivasta@debian.org>
- Re: Official Debian digital 'branding' of debs
  - From: Nicolás Lichtmaier <nick@debian.org>

Prev by Date: Re: Official Debian digital 'branding' of debs
Next by Date: ITP: python-{graphite,piddle}
Previous by thread: Re: Official Debian digital 'branding' of debs
Next by thread: Re: Official Debian digital 'branding' of debs
Index(es):
- Date
- Thread